Change Default Web site port - now clients fail to appear in Conso

Using just just HTTP currently.

I wanted to use a non-standard port for clients to connect, so uninstalled
WSUS (leaving database etc) and reinstalled and changed option such that
Console created two web sites. I chose port 8530 as it was the only option.

My understanding is I can now modify the default port 80 for the 'default'
IIS website to what I require.

I've done this and ensured that clients have new connection string
http://WSUSServer:1234

I've confirmed that client connectss to the WSUS server over this new port
number using TCPView (Sysinternals). Clients can also connect to
http://WSUSServer:1234/iuident.cab and download the file OK.

BUT, they are not showing in the console.

I've even reset the hardware ID:

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
SusClientId /f

@echo Triggering detection after resetting WSUS client identity
net stop wuauserv
net start wuauserv
wuauclt /resetauthorization /detectnow

But still nothing!

What have I don't wrong?

Cheers
Lea

Additional info:

In IIS I see two sites: Default and WSUS Admin

WSUS admin runs on 8531 and is used by the MMC snap-in (which needs to know
this port) - no problem there.

I changed the default port in IIS to 1234 (example)

I changed the reg entries of the client to point to http://WSUS_Server:1234

I can confirm conenction from client to WSUS_server using TCPView/Netstat
using the new port number.

Yet the client will NOT appear in WSUS

In trying to debug I've changed the clients Hardware Credentials and run
wuauclt.exe /detectnow (which has always worked well previously.

Sometimes it's all too difficult!

Any advice more than welcome.


Thanks
Lea


"LeaUK" wrote:

> Using just just HTTP currently.
>
> I wanted to use a non-standard port for clients to connect, so uninstalled
> WSUS (leaving database etc) and reinstalled and changed option such that
> Console created two web sites. I chose port 8530 as it was the only option.
>
> My understanding is I can now modify the default port 80 for the 'default'
> IIS website to what I require.
>
> I've done this and ensured that clients have new connection string
> http://WSUSServer:1234
>
> I've confirmed that client connectss to the WSUS server over this new port
> number using TCPView (Sysinternals). Clients can also connect to
> http://WSUSServer:1234/iuident.cab and download the file OK.
>
> BUT, they are not showing in the console.
>
> I've even reset the hardware ID:
>
> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> AccountDomainSid /f
> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> PingID /f
> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> SusClientId /f
>
> @echo Triggering detection after resetting WSUS client identity
> net stop wuauserv
> net start wuauserv
> wuauclt /resetauthorization /detectnow
>
> But still nothing!
>
> What have I don't wrong?
>
> Cheers
> Lea
>
>

For clarity:

I changed the default site port in IIS to 1234 (example)


I think I'm either reading the WSUS documentation incorrect or custom ports
are just not feasible.

The IIS log highlights the issue as it full of 404 errors to pages in the
WSUS Admin web site.

I changed the client's registry to use http://WSUS_Server:8530 and voila
they appear in the console fine.

So why does the WSUS doc say that it can run with custom ports...it can't

The edge firewall needs to allow port 80 and 8530 and presumably 8531 for
https( haven't even got there yet)

From the docs, my confusion is this line:

Include a custom port number in the URL directing the client computer to the
WSUS server (for example, http://WSUSServerNameortnumber).

'portnumber' cannot be custom, it has to be 8530!


Regards
Lea


"LeaUK" wrote:

> Additional info:
>
> In IIS I see two sites: Default and WSUS Admin
>
> WSUS admin runs on 8531 and is used by the MMC snap-in (which needs to know
> this port) - no problem there.
>
> I changed the default port in IIS to 1234 (example)
>
> I changed the reg entries of the client to point to http://WSUS_Server:1234
>
> I can confirm conenction from client to WSUS_server using TCPView/Netstat
> using the new port number.
>
> Yet the client will NOT appear in WSUS
>
> In trying to debug I've changed the clients Hardware Credentials and run
> wuauclt.exe /detectnow (which has always worked well previously.
>
> Sometimes it's all too difficult!
>
> Any advice more than welcome.
>
>
> Thanks
> Lea
>
>
> "LeaUK" wrote:
>
> > Using just just HTTP currently.
> >
> > I wanted to use a non-standard port for clients to connect, so uninstalled
> > WSUS (leaving database etc) and reinstalled and changed option such that
> > Console created two web sites. I chose port 8530 as it was the only option.
> >
> > My understanding is I can now modify the default port 80 for the 'default'
> > IIS website to what I require.
> >
> > I've done this and ensured that clients have new connection string
> > http://WSUSServer:1234
> >
> > I've confirmed that client connectss to the WSUS server over this new port
> > number using TCPView (Sysinternals). Clients can also connect to
> > http://WSUSServer:1234/iuident.cab and download the file OK.
> >
> > BUT, they are not showing in the console.
> >
> > I've even reset the hardware ID:
> >
> > reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> > AccountDomainSid /f
> > reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> > PingID /f
> > reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> > SusClientId /f
> >
> > @echo Triggering detection after resetting WSUS client identity
> > net stop wuauserv
> > net start wuauserv
> > wuauclt /resetauthorization /detectnow
> >
> > But still nothing!
> >
> > What have I don't wrong?
> >
> > Cheers
> > Lea
> >
> >

Perhaps this has turned into LeaUK's blog for WSUS - sorry..

Something very interesting...

Although WSUS requires a default IIS site on port 80, clients do NOT use it
- I guess it's something internal to WSUS.

Using TCPView I can see that clients only use the custom port in the
registry (8530):

http://WSUS_server:8530

I even removed the ISA port 80 FW policy and everything still works fine

Making good progress now

"LeaUK" wrote:

> For clarity:
>
> I changed the default site port in IIS to 1234 (example)
>
>
> I think I'm either reading the WSUS documentation incorrect or custom ports
> are just not feasible.
>
> The IIS log highlights the issue as it full of 404 errors to pages in the
> WSUS Admin web site.
>
> I changed the client's registry to use http://WSUS_Server:8530 and voila
> they appear in the console fine.
>
> So why does the WSUS doc say that it can run with custom ports...it can't
>
> The edge firewall needs to allow port 80 and 8530 and presumably 8531 for
> https( haven't even got there yet)
>
> From the docs, my confusion is this line:
>
> Include a custom port number in the URL directing the client computer to the
> WSUS server (for example, http://WSUSServerNameortnumber).
>
> 'portnumber' cannot be custom, it has to be 8530!
>
>
> Regards
> Lea
>
>
> "LeaUK" wrote:
>
> > Additional info:
> >
> > In IIS I see two sites: Default and WSUS Admin
> >
> > WSUS admin runs on 8531 and is used by the MMC snap-in (which needs to know
> > this port) - no problem there.
> >
> > I changed the default port in IIS to 1234 (example)
> >
> > I changed the reg entries of the client to point to http://WSUS_Server:1234
> >
> > I can confirm conenction from client to WSUS_server using TCPView/Netstat
> > using the new port number.
> >
> > Yet the client will NOT appear in WSUS
> >
> > In trying to debug I've changed the clients Hardware Credentials and run
> > wuauclt.exe /detectnow (which has always worked well previously.
> >
> > Sometimes it's all too difficult!
> >
> > Any advice more than welcome.
> >
> >
> > Thanks
> > Lea
> >
> >
> > "LeaUK" wrote:
> >
> > > Using just just HTTP currently.
> > >
> > > I wanted to use a non-standard port for clients to connect, so uninstalled
> > > WSUS (leaving database etc) and reinstalled and changed option such that
> > > Console created two web sites. I chose port 8530 as it was the only option.
> > >
> > > My understanding is I can now modify the default port 80 for the 'default'
> > > IIS website to what I require.
> > >
> > > I've done this and ensured that clients have new connection string
> > > http://WSUSServer:1234
> > >
> > > I've confirmed that client connectss to the WSUS server over this new port
> > > number using TCPView (Sysinternals). Clients can also connect to
> > > http://WSUSServer:1234/iuident.cab and download the file OK.
> > >
> > > BUT, they are not showing in the console.
> > >
> > > I've even reset the hardware ID:
> > >
> > > reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> > > AccountDomainSid /f
> > > reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> > > PingID /f
> > > reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> > > SusClientId /f
> > >
> > > @echo Triggering detection after resetting WSUS client identity
> > > net stop wuauserv
> > > net start wuauserv
> > > wuauclt /resetauthorization /detectnow
> > >
> > > But still nothing!
> > >
> > > What have I don't wrong?
> > >
> > > Cheers
> > > Lea
> > >
> > >
>
>
>

On 2010-03-17 2:10 a.m., LeaUK wrote:

> Something very interesting...
>
> Although WSUS requires a default IIS site on port 80, clients do NOT use it
> - I guess it's something internal to WSUS.

Depending on the OS, freshly installed clients may use this port for the initial
self-update of the Windows Update Agent. Early versions of the agent only
supported port 80.

My understanding is that you should be able to change the port from 8530 to
something else, but you need to change the site that's on 8530 rather than the
Default Web Site on port 80.

Harry.


>
> Using TCPView I can see that clients only use the custom port in the
> registry (8530):
>
> http://WSUS_server:8530
>
> I even removed the ISA port 80 FW policy and everything still works fine
>
> Making good progress now
>
> "LeaUK" wrote:
>
>> For clarity:
>>
>> I changed the default site port in IIS to 1234 (example)
>>
>>
>> I think I'm either reading the WSUS documentation incorrect or custom ports
>> are just not feasible.
>>
>> The IIS log highlights the issue as it full of 404 errors to pages in the
>> WSUS Admin web site.
>>
>> I changed the client's registry to use http://WSUS_Server:8530 and voila
>> they appear in the console fine.
>>
>> So why does the WSUS doc say that it can run with custom ports...it can't
>>
>> The edge firewall needs to allow port 80 and 8530 and presumably 8531 for
>> https( haven't even got there yet)
>>
>> From the docs, my confusion is this line:
>>
>> Include a custom port number in the URL directing the client computer to the
>> WSUS server (for example, http://WSUSServerNameortnumber).
>>
>> 'portnumber' cannot be custom, it has to be 8530!
>>
>>
>> Regards
>> Lea
>>
>>
>> "LeaUK" wrote:
>>
>>> Additional info:
>>>
>>> In IIS I see two sites: Default and WSUS Admin
>>>
>>> WSUS admin runs on 8531 and is used by the MMC snap-in (which needs to know
>>> this port) - no problem there.
>>>
>>> I changed the default port in IIS to 1234 (example)
>>>
>>> I changed the reg entries of the client to point to http://WSUS_Server:1234
>>>
>>> I can confirm conenction from client to WSUS_server using TCPView/Netstat
>>> using the new port number.
>>>
>>> Yet the client will NOT appear in WSUS
>>>
>>> In trying to debug I've changed the clients Hardware Credentials and run
>>> wuauclt.exe /detectnow (which has always worked well previously.
>>>
>>> Sometimes it's all too difficult!
>>>
>>> Any advice more than welcome.
>>>
>>>
>>> Thanks
>>> Lea
>>>
>>>
>>> "LeaUK" wrote:
>>>
>>>> Using just just HTTP currently.
>>>>
>>>> I wanted to use a non-standard port for clients to connect, so uninstalled
>>>> WSUS (leaving database etc) and reinstalled and changed option such that
>>>> Console created two web sites. I chose port 8530 as it was the only option.
>>>>
>>>> My understanding is I can now modify the default port 80 for the 'default'
>>>> IIS website to what I require.
>>>>
>>>> I've done this and ensured that clients have new connection string
>>>> http://WSUSServer:1234
>>>>
>>>> I've confirmed that client connectss to the WSUS server over this new port
>>>> number using TCPView (Sysinternals). Clients can also connect to
>>>> http://WSUSServer:1234/iuident.cab and download the file OK.
>>>>
>>>> BUT, they are not showing in the console.
>>>>
>>>> I've even reset the hardware ID:
>>>>
>>>> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
>>>> AccountDomainSid /f
>>>> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
>>>> PingID /f
>>>> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
>>>> SusClientId /f
>>>>
>>>> @echo Triggering detection after resetting WSUS client identity
>>>> net stop wuauserv
>>>> net start wuauserv
>>>> wuauclt /resetauthorization /detectnow
>>>>
>>>> But still nothing!
>>>>
>>>> What have I don't wrong?
>>>>
>>>> Cheers
>>>> Lea
>>>>
>>>>
>>
>>
>>


--
Harry Johnston
http://harryjohnston.wordpress.com

On Tue, 16 Mar 2010 03:25:01 -0700, LeaUK <>
wrote:

>Additional info:
>
>In IIS I see two sites: Default and WSUS Admin
>
>WSUS admin runs on 8531 and is used by the MMC snap-in (which needs to know
>this port) - no problem there.

Your other thread is titled WSUS 3 SP2 so I presume this is your version. WSUS 3
has no admin web site.

>
>I changed the default port in IIS to 1234 (example)
I do not think you can do this. The self update site must be on port 80 if older
XP clients are to self update. I don't see anywhere what client and SP level you
are using.

>
>I changed the reg entries of the client to point to http://WSUS_Server:1234
>
>I can confirm conenction from client to WSUS_server using TCPView/Netstat
>using the new port number.
>
>Yet the client will NOT appear in WSUS
>
>In trying to debug I've changed the clients Hardware Credentials and run
>wuauclt.exe /detectnow (which has always worked well previously.
>
>Sometimes it's all too difficult!
>
>Any advice more than welcome.
>
>
>Thanks
>Lea
>
>
>"LeaUK" wrote:
>
>> Using just just HTTP currently.
>>
>> I wanted to use a non-standard port for clients to connect, so uninstalled
>> WSUS (leaving database etc) and reinstalled and changed option such that
>> Console created two web sites. I chose port 8530 as it was the only option.
>>
>> My understanding is I can now modify the default port 80 for the 'default'
>> IIS website to what I require.
>>
>> I've done this and ensured that clients have new connection string
>> http://WSUSServer:1234
>>
>> I've confirmed that client connectss to the WSUS server over this new port
>> number using TCPView (Sysinternals). Clients can also connect to
>> http://WSUSServer:1234/iuident.cab and download the file OK.
>>
>> BUT, they are not showing in the console.
>>
>> I've even reset the hardware ID:
>>
>> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
>> AccountDomainSid /f
>> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
>> PingID /f
>> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
>> SusClientId /f
>>
>> @echo Triggering detection after resetting WSUS client identity
>> net stop wuauserv
>> net start wuauserv
>> wuauclt /resetauthorization /detectnow
>>
>> But still nothing!
>>
>> What have I don't wrong?
>>
>> Cheers
>> Lea
>>
>>
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.

On 2010-03-17 11:02 a.m., Dave Mills wrote:

> Your other thread is titled WSUS 3 SP2 so I presume this is your version. WSUS 3
> has no admin web site.

Yes it does, it just isn't human-viewable. The admin console uses HTTP(s) to
talk to WSUS.

Harry.


>
>>
>> I changed the default port in IIS to 1234 (example)
> I do not think you can do this. The self update site must be on port 80 if older
> XP clients are to self update. I don't see anywhere what client and SP level you
> are using.
>
>>
>> I changed the reg entries of the client to point to http://WSUS_Server:1234
>>
>> I can confirm conenction from client to WSUS_server using TCPView/Netstat
>> using the new port number.
>>
>> Yet the client will NOT appear in WSUS
>>
>> In trying to debug I've changed the clients Hardware Credentials and run
>> wuauclt.exe /detectnow (which has always worked well previously.
>>
>> Sometimes it's all too difficult!
>>
>> Any advice more than welcome.
>>
>>
>> Thanks
>> Lea
>>
>>
>> "LeaUK" wrote:
>>
>>> Using just just HTTP currently.
>>>
>>> I wanted to use a non-standard port for clients to connect, so uninstalled
>>> WSUS (leaving database etc) and reinstalled and changed option such that
>>> Console created two web sites. I chose port 8530 as it was the only option.
>>>
>>> My understanding is I can now modify the default port 80 for the 'default'
>>> IIS website to what I require.
>>>
>>> I've done this and ensured that clients have new connection string
>>> http://WSUSServer:1234
>>>
>>> I've confirmed that client connectss to the WSUS server over this new port
>>> number using TCPView (Sysinternals). Clients can also connect to
>>> http://WSUSServer:1234/iuident.cab and download the file OK.
>>>
>>> BUT, they are not showing in the console.
>>>
>>> I've even reset the hardware ID:
>>>
>>> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
>>> AccountDomainSid /f
>>> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
>>> PingID /f
>>> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
>>> SusClientId /f
>>>
>>> @echo Triggering detection after resetting WSUS client identity
>>> net stop wuauserv
>>> net start wuauserv
>>> wuauclt /resetauthorization /detectnow
>>>
>>> But still nothing!
>>>
>>> What have I don't wrong?
>>>
>>> Cheers
>>> Lea
>>>
>>>


--
Harry Johnston
http://harryjohnston.wordpress.com

"Harry Johnston [MVP]" wrote:

> On 2010-03-17 2:10 a.m., LeaUK wrote:
>
> > Something very interesting...
> >
> > Although WSUS requires a default IIS site on port 80, clients do NOT use it
> > - I guess it's something internal to WSUS.
>
> Depending on the OS, freshly installed clients may use this port for the initial
> self-update of the Windows Update Agent. Early versions of the agent only
> supported port 80.
>
> My understanding is that you should be able to change the port from 8530 to
> something else, but you need to change the site that's on 8530 rather than the
> Default Web Site on port 80.
>
> Harry.
>


Thanks for the clarification. The documentation is ambiguous, but my
testing has revealed port 80 is required internally by WSUS (to enumerate
clients into the console) but isn't used by the actual client connection
(WUA) when running XP SP2. I cannot confirm for elder OSs or SP levels.

I'll see if I can change the WSUS Administration IIS site to something other
than 8530... I suspect I can ;-)

Cheers
Lea


>
> >
> > Using TCPView I can see that clients only use the custom port in the
> > registry (8530):
> >
> > http://WSUS_server:8530
> >
> > I even removed the ISA port 80 FW policy and everything still works fine
> >
> > Making good progress now
> >
> > "LeaUK" wrote:
> >
> >> For clarity:
> >>
> >> I changed the default site port in IIS to 1234 (example)
> >>
> >>
> >> I think I'm either reading the WSUS documentation incorrect or custom ports
> >> are just not feasible.
> >>
> >> The IIS log highlights the issue as it full of 404 errors to pages in the
> >> WSUS Admin web site.
> >>
> >> I changed the client's registry to use http://WSUS_Server:8530 and voila
> >> they appear in the console fine.
> >>
> >> So why does the WSUS doc say that it can run with custom ports...it can't
> >>
> >> The edge firewall needs to allow port 80 and 8530 and presumably 8531 for
> >> https( haven't even got there yet)
> >>
> >> From the docs, my confusion is this line:
> >>
> >> Include a custom port number in the URL directing the client computer to the
> >> WSUS server (for example, http://WSUSServerNameortnumber).
> >>
> >> 'portnumber' cannot be custom, it has to be 8530!
> >>
> >>
> >> Regards
> >> Lea
> >>
> >>
> >> "LeaUK" wrote:
> >>
> >>> Additional info:
> >>>
> >>> In IIS I see two sites: Default and WSUS Admin
> >>>
> >>> WSUS admin runs on 8531 and is used by the MMC snap-in (which needs to know
> >>> this port) - no problem there.
> >>>
> >>> I changed the default port in IIS to 1234 (example)
> >>>
> >>> I changed the reg entries of the client to point to http://WSUS_Server:1234
> >>>
> >>> I can confirm conenction from client to WSUS_server using TCPView/Netstat
> >>> using the new port number.
> >>>
> >>> Yet the client will NOT appear in WSUS
> >>>
> >>> In trying to debug I've changed the clients Hardware Credentials and run
> >>> wuauclt.exe /detectnow (which has always worked well previously.
> >>>
> >>> Sometimes it's all too difficult!
> >>>
> >>> Any advice more than welcome.
> >>>
> >>>
> >>> Thanks
> >>> Lea
> >>>
> >>>
> >>> "LeaUK" wrote:
> >>>
> >>>> Using just just HTTP currently.
> >>>>
> >>>> I wanted to use a non-standard port for clients to connect, so uninstalled
> >>>> WSUS (leaving database etc) and reinstalled and changed option such that
> >>>> Console created two web sites. I chose port 8530 as it was the only option.
> >>>>
> >>>> My understanding is I can now modify the default port 80 for the 'default'
> >>>> IIS website to what I require.
> >>>>
> >>>> I've done this and ensured that clients have new connection string
> >>>> http://WSUSServer:1234
> >>>>
> >>>> I've confirmed that client connectss to the WSUS server over this new port
> >>>> number using TCPView (Sysinternals). Clients can also connect to
> >>>> http://WSUSServer:1234/iuident.cab and download the file OK.
> >>>>
> >>>> BUT, they are not showing in the console.
> >>>>
> >>>> I've even reset the hardware ID:
> >>>>
> >>>> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> >>>> AccountDomainSid /f
> >>>> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> >>>> PingID /f
> >>>> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> >>>> SusClientId /f
> >>>>
> >>>> @echo Triggering detection after resetting WSUS client identity
> >>>> net stop wuauserv
> >>>> net start wuauserv
> >>>> wuauclt /resetauthorization /detectnow
> >>>>
> >>>> But still nothing!
> >>>>
> >>>> What have I don't wrong?
> >>>>
> >>>> Cheers
> >>>> Lea
> >>>>
> >>>>
> >>
> >>
> >>
>
>
> --
> Harry Johnston
> http://harryjohnston.wordpress.com
> .
>

"Dave Mills" wrote:

> On Tue, 16 Mar 2010 03:25:01 -0700, LeaUK <>
> wrote:
>
> >Additional info:
> >
> >In IIS I see two sites: Default and WSUS Admin
> >
> >WSUS admin runs on 8531 and is used by the MMC snap-in (which needs to know
> >this port) - no problem there.
>
> Your other thread is titled WSUS 3 SP2 so I presume this is your version. WSUS 3
> has no admin web site.


Hi Dave, yes WSUS v3 SP2 - well spotted!

IIS shows two distinct sites when WSUS is installed using the non-default
IIS setting (I forget their terminology).

Essentially it creates two Virtual web sites beneath the 'Default Web Site'
which has to run on port 80 and creates a new web site 'WSUS Administration'
(and by default on port 8530) but there is no web admin console as previous
versions.

I think this port can be changed, but testing will show later..

Lea

>
> >
> >I changed the default port in IIS to 1234 (example)
> I do not think you can do this. The self update site must be on port 80 if older
> XP clients are to self update. I don't see anywhere what client and SP level you
> are using.
>
> >
> >I changed the reg entries of the client to point to http://WSUS_Server:1234
> >
> >I can confirm conenction from client to WSUS_server using TCPView/Netstat
> >using the new port number.
> >
> >Yet the client will NOT appear in WSUS
> >
> >In trying to debug I've changed the clients Hardware Credentials and run
> >wuauclt.exe /detectnow (which has always worked well previously.
> >
> >Sometimes it's all too difficult!
> >
> >Any advice more than welcome.
> >
> >
> >Thanks
> >Lea
> >
> >
> >"LeaUK" wrote:
> >
> >> Using just just HTTP currently.
> >>
> >> I wanted to use a non-standard port for clients to connect, so uninstalled
> >> WSUS (leaving database etc) and reinstalled and changed option such that
> >> Console created two web sites. I chose port 8530 as it was the only option.
> >>
> >> My understanding is I can now modify the default port 80 for the 'default'
> >> IIS website to what I require.
> >>
> >> I've done this and ensured that clients have new connection string
> >> http://WSUSServer:1234
> >>
> >> I've confirmed that client connectss to the WSUS server over this new port
> >> number using TCPView (Sysinternals). Clients can also connect to
> >> http://WSUSServer:1234/iuident.cab and download the file OK.
> >>
> >> BUT, they are not showing in the console.
> >>
> >> I've even reset the hardware ID:
> >>
> >> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> >> AccountDomainSid /f
> >> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> >> PingID /f
> >> reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate /v
> >> SusClientId /f
> >>
> >> @echo Triggering detection after resetting WSUS client identity
> >> net stop wuauserv
> >> net start wuauserv
> >> wuauclt /resetauthorization /detectnow
> >>
> >> But still nothing!
> >>
> >> What have I don't wrong?
> >>
> >> Cheers
> >> Lea
> >>
> >>
> --
> Dave Mills
> There are 10 types of people, those that understand binary and those that don't.
> .
>

"LeaUK" <> wrote in message
news:8FFB6538-9DEB-4392-9039-...

> but my
> testing has revealed port 80 is required internally by WSUS (to enumerate
> clients into the console) but isn't used by the actual client connection
> (WUA) when running XP SP2.

I'm not sure what testing you've performed, but here's the factual summary
of the use of the Default Web Site:

The DWS is used by any AU client v5.8.3700.1000 (I vaguely recall that as
the exact build number), but essentially anything below v5.8.x.x that is not
capable of connecting with SSL or with a port other than port 80. The older
AU client could only connect on port 80 using a non-SSL connection. The
service on the Default Web Site is provided solely for the purpose of
allowing the AU client to 'selfupdate' to the latest WUAgent (distributed by
the WSUS server). As a secondary function of the AU client connecting to
selfupdate, the client machine is registered with the WSUS server and
reports as "No Status" for all updates until the selfupdate is completed and
a subsequent detection is performed.

It is not WSUS that requires port 80, but solely the legacy AU clients that
shipped with Windows 2000 and Windows XP.

For Window Server 2003 SP1 and later systems, nary a single packet of
traffic passes across port 80 if the WSUS server is configured to use port
8530 -- except if the Client Diagnostic Tool is used. The CDT *always*
checks for selfupdate functionality on port 80 and never on port 8530.


> I'll see if I can change the WSUS Administration IIS site to something
> other
> than 8530... I suspect I can ;-)

While not impossible, this requires a solid understanding of the internals
of the operation of the WSUS server, as well as reconfiguration of some
items not documented; furthemore, while not impossible, operating a WSUS
server on ports other than 8530 or 80 is not a supported configuration.


--
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)

My Blog: http://onsitechsolutions.spaces.live.com
Microsoft WSUS Website: http://www.microsoft.com/wsus
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin